pablobm created an issue (openstreetmap/openstreetmap-website#6809)

Since [at least 
2016](https://github.com/openstreetmap/openstreetmap-website/issues/1361#issuecomment-259391569)
 there has been a desire to move the website to use 
[Devise](https://github.com/heartcombo/devise), a Rails engine for handling 
authentication with a long history and good regard in the Rails community. The 
authentication solution currently in place is custom-made and has grown 
organically over the years, unfortunately getting to the point where it's now 
difficult to maintain and mentioned as a blocker to any changes.

These are examples of features that have been proposed over the years, but have 
been postponed until "after the move to Devise":
- [Require current password before accepting a new 
password](https://github.com/openstreetmap/openstreetmap-website/issues/2144)
- [block extremely simple and common passwords like "12345678" on a 
registration](https://github.com/openstreetmap/openstreetmap-website/issues/2285)
- [Bulk user account management tool for directed editing 
teams](https://github.com/openstreetmap/openstreetmap-website/issues/1823)
- [Add optional two-factor authentication for user 
accounts](https://github.com/openstreetmap/openstreetmap-website/issues/3476)

Here's a general [idea of the work 
involved](https://github.com/openstreetmap/openstreetmap-website/issues/1823#issuecomment-382216575)
 (as of 2018):
> I don't think it'll be just one PR. It'll involve lots of different changes 
> to routes, thought given to things like our customised password hashing and 
> signup acls, and slightly more standard things like having multistage signup 
> (e.g. needing to view terms on a separate page) that will either be 
> out-of-the-box or at least more likely to have existing devise plugins.

Fortunately, since then work has been done to bridge the gap (e.g. 
https://github.com/openstreetmap/openstreetmap-website/pull/3397, 
https://github.com/openstreetmap/openstreetmap-website/pull/3147, 
https://github.com/openstreetmap/openstreetmap-website/pull/3165, 
https://github.com/openstreetmap/openstreetmap-website/pull/1595). There's 
still work to do that needs to be defined properly though, and this ticket is 
intended as an "epic" to discuss the work and help divide and track it.

This work is covered by the OSMF's proposed [Core Software Roadmap for 
2026/27](https://github.com/openstreetmap/software-roadmap), as part of the 
plans to improve operational sustainability.
